ISMS Manager

ISMS Manager (Information Security Management) Location: Nottingham, United Kingdom About Ativion Ativion is a bold, award‑winning leader in EDTech, cybersecurity, and remote‑access technologies. Established in 2002 as Impero Software, we rebranded in 2024 to reflect our dynamic blend of action and vision—bringing cutting‑edge, scalable solutions to education and enterprise globally. We empower educators, administrators, and organisations by protecting over 10 million students across more than 80 countries. Our MissionWe’re dedicated to “Safeguard. Connect. Defend.”—delivering tools that empower safe learning environments, seamless connectivity, and robust data protection in an increasingly digital world. What We Build StudentKeeper: A unified platform combining content filtering, classroom & device management, and student well‑being tools—all backed by AI—to foster safer, more engaging learning spaces. ContentKeeper: Our intelligent web‑filtering and cybersecurity engine for K‑12 environments, offering full‑device filtering (including iPads), real‑time contextual filtering, and compliance support. Role Overview The ISMS Manager will maintain, mature, and continuously improve Ativion’s Information Security Management System (ISMS). The role ensures ongoing compliance with ISO 27001:2022 and Cyber Essentials certifications while protecting the confidentiality, integrity and availability of company and customer data across our global operations. Additionally, you will evaluate and help develop the business case for pursuing additional relevant security and privacy certifications or attestations. Key Responsibilities ISMS Governance & Maintenance Maintain and continuously improve Ativion’s ISO 27001:2022 certified ISMS across all operational regions. Manage annual Cyber Essentials and Cyber Essentials Plus renewal and certification processes. Coordinate ISO 27001 surveillance audits (annual) and recertification cycles (3‑year). Review, update, and maintain information security policies, procedures and control documentation. Manage corrective and preventive action (CAPA) processes arising from audits and assessments. Coordinate and conduct internal audit programmes to ensure control effectiveness. Continuous Improvement & Strategy Stay current with emerging threats, vulnerabilities, technologies and compliance standards. Monitor changes to ISO 27001, Cyber Essentials/Cyber Essentials Plus and relevant regulatory frameworks. Identify and recommend strategic improvements to strengthen organisational security posture. Participate in security‑related projects and initiatives across the organisation. Legal, Regulatory & Policy Liaison Serve as the operational liaison between the ISMS function and the Legal Department. Collaborate with the Legal Director on the review and approval of all information security and data protection policies. Coordinate updates to the Statement of Applicability (SoA), risk treatment plans and related documentation for legal and executive sign‑off. Monitor and ensure ISMS controls reflect and support compliance with legal, regulatory and contractual obligations, including UK GDPR, GDPR and PIPEDA. Support Legal/DPO in responding to security‑related contractual inquiries (e.g., bespoke DPAs), regulatory requests and incident response obligations. Risk & Compliance Management Conduct regular risk assessments and treatment activities in accordance with ISO 27001 requirements. Manage external certification audits, regulatory inquiries and compliance assessments. Oversee vendor and supplier security due diligence assessments and third‑party risk management (e.g., data privacy compliance). Track and report on security metrics, KPIs and control effectiveness to leadership. Maintain SoA and risk treatment plans. Support Product and Legal with conducting and updating Data Processing Impact Assessments (DPIA). Security Operations & Improvement Oversee vulnerability management programmes, including identification, prioritisation, remediation and tracking. Lead incident response planning, coordination and post‑incident review processes in coordination with the DPO. Collaborate with IT teams to ensure secure architecture, operations and configuration management. Drive ISMS maturity improvements based on audit findings, industry best practices and emerging threats. Coordinate business continuity and disaster recovery planning activities. Evaluate and recommend security tools and technologies to enhance security posture. Awareness, Training & Culture Design, deliver and maintain security awareness training programmes and data compliance training for employees and contractors globally. Develop role‑based security training content tailored to different business functions. Foster a security‑conscious culture through proactive communication, engagement and education initiatives. Track and report on training completion rates and effectiveness. Required Qualifications Bachelor’s degree in Information Security, Computer Science, Risk Management or a related field (or equivalent practical experience). ISO 27001 Lead Implementer or Lead Auditor certification (essential). Additional professional certifications preferred: CISSP, CISM, CISA or equivalent. Experience Minimum 4‑5 years of experience maintaining and improving an ISMS framework in a technology or SaaS environment. Proven track record managing ISO 27001 surveillance audits and recertification cycles. Hands‑on experience with Cyber Essentials or Cyber Essentials Plus certification processes. Experience conducting risk assessments, internal audits and compliance gap analyses. Demonstrated experience with vulnerability management and incident response processes. Background working with multi‑regional compliance requirements. What We Offer Opportunity to shape the information security framework of a growing global company. Collaborative and mission‑driven culture. Flexible, remote‑first work environment. Competitive compensation and benefits package. #J-18808-Ljbffr